Forum Moderators: open
I'd like my website to query a MS SQL database hosted on a different website (with a different ISP). It is a shared server which seems to hosts a number of SQL databases.
i.e I have www.website1.com which hosts a SQL database.
I want to access this data from www.website2.com and also www.website3.com
Website2 and website3 are hosted with completely seperate ISPs to website1.
Does anyone know how secure my SQL connections will be?
Is there anything that can I do to improve security?
Currently, connections are authenticated by username and password. I assume that this information would be pretty easy to intercept by a person that knew what they were doing.
When I'm doing admin on the site I use Microsoft SQL Enterprise Manager to access the databases. How secure is this? - it doesn't seem to be encrypted in any way.
Rathaer than publish SQL see if you can use a VPN or webservice. If its not feasible you should create sql accounts that have read only access to specific views required not the tables or procedures.
There only one thing to do is probably change SQL port form default 1433 to something else. But I do not know feasible it is on shared server
Our ISP has already done this. If accessing the server from a site hosted elsewhere, we use a different port.
How easy do you think it would be for someone to intercept my password if I connected from a different webserver?
I don't think my ISP supports connections via VPN.
This may sound scary, but it's the same for any unencrypted communication (FTP, POP3, HTTP Authentication, etc.)
It's a case of evaluating the risk to your site in particular. It is unlikely to happen, I'd suggest it's more likely that your hard disk would fail than the database being compromised. However if you're storing credit card details on that database, then it's something you'll want to secure. If you're just holding a message board, or something along those lines, then just keeping a backup is probably a more suitable solution.
